Hackers steal $250,000 from BitFloor exchange

Emma Woollacott, 5th September 2012

The US's biggest BitCoin trading exchange, BitFloor, has been forced to temporarily shut up shop, after a virtual heist in which the equivalent of $250,000 was stolen.

Last night, an unknown attacker was able to make off with 24,000 units of the virtual currency, each worth $10.40. This means that the exchange no longer has the cash to cover its deposits, prompting founder Roman Shtylman to suspend operations.

While the cryptography used by the BitCoin system makes it almost impossible to work out the private keys used to access a user's balance, it appears that the hackers didn't need to. Astonishingly, the company was holding the same data in an unencrypted form, as a back-up made during an upgrade.

"Last night, a few of our servers were compromised. As a result, the attacker gained accesses to an unencrypted backup of the wallet keys (the actual keys live in an encrypted area). Using these keys they were able to transfer the coins," he says in a BitCoin forum post.

"This attack took the vast majority of the coins BitFloor was holding on hand. As a result, I have paused all exchange operations. Even tho only a small majority of the coins are ever in use at any time, I felt it inappropriate to continue operating not having the capability to cover all account balances for BTC [BitCoins] at the time."

Shtylman says he is now fighting to ensure that the site can reopen at some point.

"As a last resort, I will be forced to fully shut BitFloor down and initiate account repayment using current available funds," he says.

"I still have all of the logs for accounts, trades, transfers. I know exactly how much each user currently has in their account for both USD and BTC. No records were lost in this attack."

According to Shtylman, the company makes around $2,100 per month, meaning that he'd be able to recover its losses in under five years. He says he's considering accepting help from investors.